Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1lAl-000EEX-W7 for pgsql-admin@arkaria.postgresql.org; Fri, 18 Oct 2024 11:29:38 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t1lAi-002v0g-UB for pgsql-admin@arkaria.postgresql.org; Fri, 18 Oct 2024 11:29:33 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1lAi-002uyP-EP for pgsql-admin@lists.postgresql.org; Fri, 18 Oct 2024 11:29:32 +0000 Received: from mailout3.izum.si ([193.2.126.3]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1lAb-001het-1i for pgsql-admin@lists.postgresql.org; Fri, 18 Oct 2024 11:29:31 +0000 Received: from EXSRV-02.izum.pri (EXSRV-02.izum.pri [10.1.100.197]) by mailout3.izum.si (Postfix) with ESMTPS id CB7096028602 for ; Fri, 18 Oct 2024 13:29:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout3.izum.si CB7096028602 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=izum.si; s=20210129; t=1729250962; bh=v+KOd0WI+X0o++NbnUDme3TIa+9XQvcxnsXNJKq/WCA=; h=From:To:Subject:Date:From; b=NWvXYnwWs+cs473NZa/QABLbH9Xun9BZN7gY2MRdf88pMOR0xlAHhbxdcO/exScRv 9jOse3t93q/4O55pHK3BCnsoyA/AbFYCRmDiYgS1DPSAuSgSaWYCzYxL7V8ajW/2Ei 2iW6XBg8Qb91zzItWvYQodc28pVz48z5O7duXM7Uj7fXHNSVEvUqpNA6fSGP5ET98q 0zciyugBd+G8uloc2z/ojWT5s0pNdcZWhJOceFmhKaL1H0kr55kuX/ZEjk/68ouXeO bjt4rsBzWB3Rs2bY6buzYDfw/StR8wLwCHFtuutNq/nw/29Xzy91epOv+EAsvqGZtV RzcsUog8+aIWQ== Received: from EXSRV-02.izum.pri (10.1.100.197) by EXSRV-02.izum.pri (10.1.100.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 18 Oct 2024 13:29:22 +0200 Received: from EXSRV-02.izum.pri ([fe80::f170:99d6:d141:23e6]) by EXSRV-02.izum.pri ([fe80::f170:99d6:d141:23e6%8]) with mapi id 15.01.2507.034; Fri, 18 Oct 2024 13:29:22 +0200 From: =?iso-8859-2?Q?Domen_=A9etar?= To: "pgsql-admin@lists.postgresql.org" Subject: LDAP authentication problem Thread-Topic: LDAP authentication problem Thread-Index: AdshTY9Y3Ba5Xp+SQrOQddNnCznDeg== Date: Fri, 18 Oct 2024 11:29:22 +0000 Message-ID: Accept-Language: sl-SI, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.1.100.6] Content-Type: multipart/related; boundary="_004_c3560ede2a4c4892abf29448e7e07755izumsi_"; type="multipart/alternative" MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --_004_c3560ede2a4c4892abf29448e7e07755izumsi_ Content-Type: multipart/alternative; boundary="_000_c3560ede2a4c4892abf29448e7e07755izumsi_" --_000_c3560ede2a4c4892abf29448e7e07755izumsi_ Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Hi Admins, I have faced very strange problem in one of my postgresql servers. We use L= DAP authentication. Several colegues can't login with their AD accounts into the server. I foun= d error messages in postgresql log: 2024-10-18 07:23:46 CEST [3203974]: [2-1] ... could not search LDAP for fi= lter "(samaccountname=3Djohndoe)" on server "adc1 adc2": Operations error 2024-10-18 07:23:46 CEST [3203974]: [3-1] ... DETAIL: LDAP diagnostics: 00= 0004DC: LdapErr: DSID-0C090C78, comment: In order to perform this operation= a successful bind must be completed on the connection., data 0, v4f7c 2024-10-18 07:23:46 CEST [3203974]: [4-1] ... FATAL: LDAP authentication f= ailed for user "johndoe" I can login with my AD account. Ldapsearch works from the host. My colegues can login with the same LDAP account to postgresql on antoher h= osts. I'm out of ideas what could be wrong. Best regards! [izum] Domen =A9etar Computer Systems Support IZUM - Institute of Information Science | Pre=B9ernova ulica 17 | 2000 Mari= bor | Slovenia T: +386 2 25 20 339 | M: +386 41 676 342 | www.izum.si= | domen.setar@izum.si --_000_c3560ede2a4c4892abf29448e7e07755izumsi_ Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable

Hi Admins,

 

I have faced very s= trange problem in one of my postgresql servers. We use LDAP authentication.=

 

Several colegues ca= n't login with their AD accounts into the server. I found error messages in= postgresql log:

 

2024-10-18 07:23:46= CEST [3203974]: [2-1] …  could not search LDAP for filter "= ;(samaccountname=3Djohndoe)" on server "adc1 adc2": Operatio= ns error

2024-10-18 07:23:46= CEST [3203974]: [3-1] … DETAIL:  LDAP diagnostics: 000004DC: Ld= apErr: DSID-0C090C78, comment: In order to perform this operation a success= ful bind must be completed on the connection., data 0, v4f7c

2024-10-18 07:23:46= CEST [3203974]: [4-1] … FATAL:  LDAP authentication failed for = user "johndoe&#= 8221;

 

I can login with my= AD account.

Ldapsearch works fr= om the host.

My colegues can log= in with the same LDAP account to postgresql on antoher hosts.

 

I'm out of ideas wh= at could be wrong.

 

Best regards!

3D"izum=

Domen =A9etar
Computer Systems Support
IZUM ̵= 1; Institute of Information Science | Pre=B9er= nova ulica 17 | 2000 Maribor | Slovenia
T: = 3;386 2 25 20 339 | M: += 386 41 676 342 | www.izum.si | domen.setar@izum.si

 

 

--_000_c3560ede2a4c4892abf29448e7e07755izumsi_-- --_004_c3560ede2a4c4892abf29448e7e07755izumsi_ Content-Type: image/jpeg; name="image002.jpg" Content-Description: image002.jpg Content-Disposition: inline; filename="image002.jpg"; size=1318; creation-date="Fri, 18 Oct 2024 11:29:22 GMT"; modification-date="Fri, 18 Oct 2024 11:29:22 GMT" Content-ID: Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABHAEcDASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii gArN1OR0vdIVXZVe8ZXAONw8mU4P4gH8K0qwvE2q6ZoqaZfarctbwJeYVwpYbjFIOcc4xn8cVUU2 7ImTsrhqU0qaN4idZXVokk8tg2Cn7hTx6c81uD7o+lcFf+PfBsmmarF/bYb7Wj5VInLDMYTAyME8 frXer90fSnKLjuhRkm9GLRRRUFhRRRQAUUUUAFZev2Oj32lsuuR2z2UbCQm4ICoR0OT06n8zWpXJ +PNP07VLPSbTVGuBbPqAOLeMuxYQykAgAnHHPB/qLp/EiZ/Czj4brw1f6odK0bwvDr1swMc1zBYR QtDkdfMwqnrx936mvWx0rjfsNg2lyaZa6tqNlDLG0KD7KIUXcMDnylA6+oNdkOgqqruyKSsLRRRW RqFFFFABRRRQAVz3i7XZfD9pYXUOmy6g0l2IjDCu6QAxyElR6jb+Wa6Guc8Y3mtWVnp76FFDPeNd 4MMuMSIIpGKg9j8vXIq6avJJkVHaLOavfGer67ZT6VY+DtWjmvI2g827iMccYYbdzHHQZzivRYlZ YkVm3MFAJ9TXn8vjKDxFoGoJaXVzo2v2MDym0lO1wyrkjBGHHHpkegzXoQ+6PpV1VbS1iaevW4tF FFYmoUUUUAFFFFABXM+NLvTLG00y51S/ubCOO+UxXMAB2P5cn3gVbKkbh07iumrG1+ysNQfS7XUL NLqJ7w7UkAKhhDKckEHdxnj1IParhZS1Jnfl0OB8X6v8O/Etg8lxqii+ijJiuIImEuQOn3QDn0P6 V6sv3R9K4/UfDfhhdJ1iQ+HNPH2WJwfLgRWOIw3DbflPOM9sZrsB0FVUlFpKN/mRTi022LRRRWRq FFFFABRRRQAVmar/AMf+i/8AX63/AKImooprcUtilqv/ACA/E/8A1zk/9J1rfHQUUU3sJbi0UUVJ QUUUUAf/2Q== --_004_c3560ede2a4c4892abf29448e7e07755izumsi_--